CreeperHost® Privacy Policy

Privacy Policy

In accordance with the General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR) and related UK Data Protection Act 2018 (together the Data Protection Legislation ), CreeperHost is committed to protecting the confidentiality and overall security of the information that you provide to us.

Introduction

This Privacy Policy is designed to help you understand how we collect, process, store and generally use your information. For the purposes of the Data Protection Legislation, the Data Controller in relation to any personal data you supply will be CreeperHost. We do understand that during the course of the products and services offered by CreeperHost working alongside its third parties and business partners, we may, at different times, be controller or processor of the data provided. CreeperHost will treat the data provided no differently whether it is the controller or processor and will ensure it follows the relevant acts. If you have any questions or queries about this policy, please contact us. See 'How to contact us' for details.

Who we are

"CreeperHost" (also referred to in this notice as 'we', 'us', or 'our') means CreeperHost Ltd. Our contact details are set out at the end of this privacy policy.

This privacy policy sets out how CreeperHost Ltd and our associated trading names uses and protects any information that you give us when you visit any of our websites listed below (each, a " website" ) , the Creeper Panel "Control Panel", our trading address and/or use any of our other services.

The following domains/websites are also within scope of this policy.

Why we need and how we use your Personal Data

We only collect, process and store your information where we have lawful grounds and/or a legitimate interest to do so. We will collect data that is necessary for us to meet our own legal obligations and to provide those products and services requested by yourselves.

Data Protection Legislation states we can use your personal information only if we have a proper reason to do so. This includes sharing it outside of CreeperHost. There are a number of lawful reasons to process data, the following are applicable to CreeperHost in the vast majority of circumstances:

To provide you with information that you have requested or which we think may be relevant to a subject in which you have demonstrated an interest;
To initiate and complete commercial transactions with you, or the entity that you represent, for the purchase of products and/or services;
To fulfil a contract that we have entered into with you or with the entity that you represent;
To manage any communication between you and us;
When it is necessary for us to comply with a legal obligation; or
When it is in our legitimate interest.

A Legitimate Interest is when we have a business or commercial reason to use your information, if we are using this as our lawful reason for processing personal data, we will tell you what that is. We will ensure that our reasoning does not go unfairly against you and ensure our decision is best for you.

WHAT WE USE YOUR PERSONAL INFORMATION FOR	OUR REASONS	OUR LEGITIMATE INTERESTS
To maintain the website; improve your browsing experience by personalising the website and/or control panel, as well as enabling your use of the services available on the website and control panel. To develop and improve and manage our website, control panel, brands, products and services.	Legitimate Interest	To ensure we to can continue to offer our products and services to you, as well as provide the best experience possible when using our website, control panel, products and services.
Provision of products and services requested by you.	Legitimate interest, fulfilling contracts	We need to ensure we can deliver the products and services requested by you.
Send statements and invoices to you and collect payments from you.	Legitimate interest, fulfilling contracts	To ensure we receive payment from the products and services requested by you.
To meet our UK and Non-Union VAT MOSS for EU obligations and obey other laws and regulations that apply to us.	Legal Obligation	We have a legal obligation to comply with VAT MOSS and any other law or regulations.
For internal record keeping and accounting purposes.	Legitimate interest, legal obligation	To ensure we can deal with customer requests based on up to date information as well as meet our obligations towards having the correct accounting information.
Send you general (non-marketing) commercial communications.	Legitimate interest, legal obligation, fulfilling contracts	We may need to contact you and make you aware of any changes to the products and services that we provide you.
Inform you of upgrades and new features available to your service.	Legitimate interest, fulfilling contracts	Where you are using our products and services we may need to contact you and make you aware of any changes, upgrades, new features or problems that affects you, i.e. server outages, unplanned maintenance.
Analyse statistical information about our users - but this information will not be used to identify any individual user.	Legitimate interest	We analyse website traffic for both ourselves and our third-party partners, so we can determine website traffic and continue to improve the products and services offered and make the necessary changes to our website. All such data is anonymised before storing.
To deal with enquiries about our products and services or complaints made by you or about you, about our website, products or services.	Legitimate interest	To ensure we can provide a professional and timely customer service with regards to any enquiry or complaint.
To allows us to perform credit and fraud prevention checks against our customers using approved third parties.	Legitimate interest	The use of your data is essential for us to check your Identity, IP address against your geographical location, prevent online fraud and cut chargebacks by screening the customers method of payment to ensure it hasn't been stolen or used to perpetrate fraud.
CCTV is used at our Grantham premises.	Legitimate interest	For the purpose of crime prevention, as well as staff and visitor safety and security.

The Personal Data we collect and how we collect it

We need some personal information from you before we can provide the products and services you request. Without adequate information, we may be unable to provide these products and services. It is anticipated that the majority of personal data will be collected via the 'Contact Us' page on our website, emails between you and us, mail delivered to our registered office and those data subjects visiting our trading address.

We may collect, process and store the following types of personal data:

Basic personal detail such as name, address, telephone number and email address;
Personal characteristics (CCTV images) if visiting our trading address;
IP Address;
Geographical location;
We may keep a record of any correspondence and any information provided to us during that or any subsequent communication.
Information about your computer and about your visits to and use of the website and control panel (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation);
Information relating to any purchases you make of our products or services

Where you are a minor aged under 18 (and you must be aged twelve or more to use our websites and benefit from our services), we shall process your data in accordance with the Children's Code

For anyone wishing to visit CreeperHost and in particular 'The Spawn Point' at our trading in The George Shopping Centre, Unit 31-32, Grantham, Lincolnshire, NG31 6LH, then you must be aware of the operation of CCTV on site, which is used for the purposes of crime prevention and detection as well as staff and visitor safety and security.

Please note, whether you are a child or an adult wishing to utilise the gaming venue and internet café services provided by The Spawn Point, you must be aware that any personal data collected as part of your visit will be wiped from any systems used at the end of visit. This is to ensure your personal data is not retained any longer than necessary and safeguard you against the risk associated with collecting such data.

Where such data is provided to us, it will only be used for the specific purposes set out in this policy.

Further to this:

We do not store debit or credit card details.
We do not collect or process special category data (e.g. that relating to your health, religion or sexual orientation).

Cookies

To find out more about how we use cookies please see our Cookie Policy .

Marketing

CreeperHost does not use direct marketing.

We may send you general non-marketing commercial communications for the purpose of informing you of upgrades, new features or problems to the product and/or service being utilised by yourselves. For example, this could be server outages or unplanned maintenance. You may opt out of this at any time.

Sharing Information and information from other sources

We will only share your personal information to other parties where such a transfer is a necessary part of the activities that we undertake, our legitimate interest, where you give us consent or where we are required to do so by law or regulation.

We may disclose your personal information to employees or partners insofar as reasonably necessary for the purposes as set out in this privacy policy.

We may use credit reference agencies to verify your identity and check your credit history. We may use third party fraud prevention and detection service providers to help us prevent and detect online fraud, locate our internet visitors and prevent fraudulent online transactions. This will only be done when we have asked them to act on our behalf. Such service providers are contractually restricted from using or disclosing the information we give them except as necessary to perform services on our behalf or to comply with legal requirements. We only share your information if we are satisfied that have the appropriate technical and organisational measures in place to protect your information in the same way that we do.

We analyse website traffic for both ourselves and our third-party partners, so we can determine website traffic and continue to improve the products and services offered and make the necessary changes to our website. Where you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the licence you grant to us.

We will receive personal data about you from various third parties and public sources as set out below:

Technical Data from the following parties:

(a) analytics providers such as Google based outside the UK;
(b) advertising networks; and
(c) search information providers.
Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
Identity and Contact Data from data brokers or aggregators.
Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the UK.
Personal Data from fraud prevention and detection service providers.
Personal Data from credit reference agencies

We may disclose your personal information:

To our third-party accountants to perform bookkeeping duties on our behalf;
To our payment service providers who handle all our website financial transactions;
To new owners of our business in the event that we are subject to a merger or acquisition;
Disclosure may also be made to enable company audits, regulatory inspections or to investigate a complaint, suspicion of fraud or a security threat;
In connection with any legal proceedings or prospective legal proceedings;
In order to establish, exercise or defend our legal rights.

We never share your information outside our organisation for marketing purposes unless it is with your express written consent. You have the right to withdraw consent to marketing at any time by contacting us.

You may find links to other websites within our own. As we host virtual private servers, gaming streamers may use a number of streaming services (YouTube, Twitch, Mixer) that may be visible on our website. Also, if you purchase something from our website then you will be taken to our third-party payment service provider site to process your request. Clicking on these links or purchasing something from our website may allow third parties to collect or share data about you. It is important to note that CreeperHost is not responsible for these websites, and such third parties should have their own privacy policy on their website and which will govern their use of your data.

Transfer of Personal Data outside the European Union (EU)

CreeperHost is domiciled in the UK;
CreeperHost use Cloud Service Providers (CSPs) as part of our processing environment. Unless we specifically state otherwise, we are, in respect of all these CSPs, the data controller;
Unless we state otherwise all data held by CreeperHost is located within the United Kingdom and/or the European Economic Area, even in the event of a fail over;
In certain circumstances personal information held on our systems may be accessed and processed by CreeperHost staff members based in the US in accordance with applicable law. We have appropriate contractual and security measures in place to ensure that personal data is protected;
Our fraud prevention service provider is based in the US.
In the event we transfer your personal data to a country without an adequacy decision from European Commission, such as the United States, any such transfer will be subject to an agreement with the importing party which incorporates standard contractual clauses approved by the European Commission.

How long we keep Information about you

We will keep your information for as long as it is required to enable us to provide the products and services we offer. This will usually be a maximum period of 10 years pursuant to our VAT obligations. Once we decide that we no longer need your information or when the retention period is met, your data will be securely and confidentially destroyed.

The personal data stored on our CCTV system is held for no longer than 30 days.

Security

We have, what we believe are, appropriate security controls in place to protect personal data. We do not, however, have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information. We accept no liability in respect of breaches that occur beyond our sphere of control. We also ensure all our payment card processing is in compliance with Payment Card Industry Data Security Standards.

Your Data Protection Rights

You have certain legal rights under GDPR and related UK data protection law and regulations, summarised as follows:

The right to be informed about our data processing activities, including through Privacy Policies such as this.
The right of access to the personal information we hold about you. To request a copy of this information let us know using the details in the 'How to contact us' section.
The right of rectification. You may ask us to correct any inaccurate or incomplete data we hold about you.
The right to erasure and to restrict processing. You have the right to have your personal data erased and to prevent processing except where we have a legal obligation to process your personal information. You should bear in mind that by exercising this right you may hinder or prevent our ability to provide products and services. · The right to data portability. On your request, we will provide you with your personal data in a structured format.
The right to object. You can object to your personal data being used for profiling, direct marketing or research purposes
Rights in relation to automated decision making and profiling to reduce the risk that a potentially damaging decision is taken without human intervention.

Please note CreeperHost does not utilise automated decision making or profiling as part of the products and services it offers.

If you want to invoke any of these rights, please use our self serve portal located athttps://gdpr.creeper.host , or if the action you wish to take is not available in our self serve portal, then contact us using the details in the 'How to contact us' section below.

You will not have to pay a fee to access your data or exercise any of the other rights, however, me may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request.

We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. It could take us longer than a month if your request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated.

Withdrawal of Consent

If you have provided your specific consent to the use of personal data and later wish for us to stop using your information for any purposes mentioned in this Privacy Policy, please contact us using the details below.

Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. See 'How to Contact us' below.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

How to Contact us

For any questions or concerns relating to this Privacy Policy or our data protection practices, please contact us at:

CreeperHost Ltd
Office 7
35-37 Ludgate Hill
London EC4M 7JN
[email protected]

You can also contact us via https://www.creeperhost.net/contact .

Or to make a subject access or any other request regarding the information we hold, please visit this link: https://gdpr.creeper.host

How to make a Complaint

You have the right to make a complaint about how we hold or use your data, at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance. See the 'How to contact us' section above for details.

Changes to Our Privacy Policy

We may amend this Privacy Policy from time to time – for example, to keep it up to date or to comply with legal requirements. The latest version of this policy can be found at any one of our domains in the 'Who we are' section of this privacy policy. If we change anything substantial regarding our privacy policy, we will provide a more prominent notice on our website or social media accounts; for certain changes we may email you.